Apple’s iPhone is a tough target for hackers, but a security researcher warned Friday that there are ways the sleek device could potentially be compromised.
The iPhone has no security software, but Apple doesn’t let people load third-party programs on the device, reducing the risk of infection from malicious software. But when the iPhone is connected to the Web, possibilities emerge, said Marius van Oers, a security researcher with McAfee’s AVERT Labs in Amsterdam.
He doesn’t claim to have uncovered a specific security hole in the device, but listed several ways that determined hackers could use the Web to try to find a way in.
Apple is relying on developers to create rich Web-based applications that will be accessed through the mobile version of the company’s Safari Web browser. Browser flaws are a proven way for hackers to get unauthorized code running on a system, van Oers said.
“It’s fairly easy to send someone an SMS (Short Messaging Service) or an e-mail with a Web link,” he said. “And once you go to the Web link, then that server can inject code into the iPhone, and if that happens, [a hacker] can have full control.”
That’s what happened with a Safari flaw found by Independent Security Evaluators, a company that detailed its findings at the Black Hat security conference in August. By constructing a malicious Web site, the researchers injected code into the iPhone and pilfered recent text messages, phone numbers and e-mail. Apple has since patched the flaw.
“Once you get access to the system, it’s all over,” van Oers said.
Apple, iPhone, Security, iPhone Security, Vulnerability, iPhone Hack, Smart Phone, iPhone Unlock